SYM_PY_0253 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses the MD4 hash algorithm, which is outdated and insecure. MD4 is vulnerable to collisions and should not be used for hashing sensitive data or cryptographic signatures.
Impact
Attackers could exploit MD4's weaknesses to generate forged hashes, potentially bypassing authentication, tampering with data integrity, or exposing sensitive information. This can lead to unauthorized access or data breaches if not replaced with a secure hash algorithm like SHA-2 or SHA-3.